CVE-2008-2511

Exploit

EPSS 4.7%
Veröffentlicht 02.06.2008 21:30:00
Zuletzt bearbeitet 23.04.2026 00:35:47
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Directory traversal vulnerability in the UmxEventCli.CachedAuditDataList.1 (aka UmxEventCliLib) ActiveX control in UmxEventCli.dll in CA Internet Security Suite 2008 allows remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the argument to the SaveToFile method.  NOTE: this can be leveraged for code execution by writing to a Startup folder.  NOTE: some of these details are obtained from third party information.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ca ≫ Internet Security Suite Plus 2008

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.7%	0.889

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://retrogod.altervista.org/9sg_CA_poc.html

Exploit

http://secunia.com/advisories/30420

Vendor Advisory

http://www.securityfocus.com/archive/1/492679/100/0/threaded

http://www.securitytracker.com/id?1020129

http://www.vupen.com/english/advisories/2008/1696/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/42712

https://www.exploit-db.com/exploits/5682

https://nvd.nist.gov/vuln/detail/CVE-2008-2511

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-2511

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-2511

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2008-2511